research-article

Open access

Poisoning Attack on Federated Knowledge Graph Embedding

Authors:

Peiran DongAuthors Info & Claims

WWW '24: Proceedings of the ACM Web Conference 2024

Pages 1998 - 2008

https://doi.org/10.1145/3589334.3645422

Published: 13 May 2024 Publication History

Abstract

Federated Knowledge Graph Embedding (FKGE) is an emerging collaborative learning technique for deriving expressive representations (i.e., embeddings) from client-maintained distributed knowledge graphs (KGs). However, poisoning attacks in FKGE, which lead to biased decisions by downstream applications, remain unexplored. This paper is the first work to systematize the risks of FKGE poisoning attacks, from which we develop a novel framework for poisoning attacks that force the victim client to predict specific false facts. Unlike centralized KGEs, FKGE maintains KGs locally, making direct injection of poisoned data challenging. Instead, attackers must create poisoned data without access to the victim's KG and inject it indirectly through FKGE aggregation. Specifically, to create poisoned data, the attacker first infers the targeted relations in the victim's local KG via a new KG component inference attack. Then, to accurately mislead the victim's embeddings via aggregation, the attacker locally trains a shadow model using the poisoned data and uses an optimized dynamic poisoning scheme to adjust the model and generate progressive poisoned updates. Our experimental results demonstrate the attack's effectiveness, achieving a remarkable success rate on various KGE models (e.g., 100% on TransE with WN18RR) while keeping the original task's performance nearly unchanged.

Supplemental Material

MP4 File

Video presentation

Download
1428.13 MB

MP4 File

Supplemental video

Download
26.25 MB

References

[1]

Martin Abadi, Andy Chu, Ian Goodfellow, H Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. 2016. Deep learning with differential privacy. In Proc. of the 2016 ACM SIGSAC conference on computer and communications security. 308--318.

Digital Library

[2]

Farah Atif, Ola El Khatib, and Djellel Difallah. 2023. BeamQA: Multi-hop Knowledge Graph Question Answering with Sequence-to-Sequence Prediction and Beam Search. In Proc. of the 46th International ACM SIGIR Conference on Research and Development in Information Retrieval. 781--790.

Digital Library

[3]

Peru Bhardwaj, John Kelleher, Luca Costabello, and Declan O'Sullivan. 2021. Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods. In Proc. of the 2021 Conference on Empirical Methods in Natural Language Processing. 8225--8239.

[4]

Peru Bhardwaj, John Kelleher, Luca Costabello, and Declan O'Sullivan. 2021. Poisoning Knowledge Graph Embeddings via Relation Inference Patterns. In Proc. of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing. 1875--1888.

[5]

Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot. 2023. Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation. In Proc. of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE, 241--257.

[6]

Kurt Bollacker, Colin Evans, Praveen Paritosh, Tim Sturge, and Jamie Taylor. 2008. Freebase: a collaboratively created graph database for structuring human knowledge. In Proc. of the 2008 ACM SIGMOD international conference on Management of data. 1247--1250.

Digital Library

[7]

Antoine Bordes, Nicolas Usunier, Alberto Garcia-Duran, Jason Weston, and Oksana Yakhnenko. 2013. Translating embeddings for modeling multi-relational data. In Proc. of the Advances in neural information processing systems.

[8]

Matteo Campanelli, Dario Fiore, and Anaïs Querol. 2019. Legosnark: Modular design and composition of succinct zero-knowledge proofs. In Proc. of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2075--2092.

Digital Library

[9]

Xiaoyu Cao, Jinyuan Jia, Zaixi Zhang, and Neil Zhenqiang Gong. 2023. Fedrecover: Recovering from poisoning attacks in federated learning using historical information. In Proc. of the 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 1366--1383.

[10]

Hao Chen, Kim Laine, and Peter Rindal. 2017. Fast private set intersection from homomorphic encryption. In Proc. of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 1243--1255.

Digital Library

[11]

Mingyang Chen, Wen Zhang, Zhen Yao, Xiangnan Chen, Mengxiao Ding, Fei Huang, and Huajun Chen. 2022. Meta-Learning Based Knowledge Extrapolation for Knowledge Graphs in the Federated Setting. In Proc. of the Thirty-First International Joint Conference on Artificial Intelligence (IJCAI-22).

[12]

Mingyang Chen, Wen Zhang, Zonggang Yuan, Yantao Jia, and Huajun Chen. 2021. Fede: Embedding knowledge graphs in federated setting. In Proc. of the 10th International Joint Conference on Knowledge Graphs. 80--88.

Digital Library

[13]

Mingyang Chen, Wen Zhang, Zonggang Yuan, Yantao Jia, and Huajun Chen. 2022. Federated knowledge graph completion via embedding-contrastive learning. Knowledge-Based Systems 252 (2022), 109459.

Digital Library

[14]

Mingyang Chen, Wen Zhang, Yushan Zhu, Hongting Zhou, Zonggang Yuan, Changliang Xu, and Huajun Chen. 2022. Meta-knowledge transfer for inductive knowledge graph embedding. In Proc. of the 45th International ACM SIGIR Conference on Research and Development in Information Retrieval. 927--937.

Digital Library

[15]

Khoa Doan, Yingjie Lao, Weijie Zhao, and Ping Li. 2021. Lira: Learnable, imperceptible and robust backdoor attacks. In Proc. of the IEEE/CVF international conference on computer vision. 11966--11976.

[16]

Junnan Dong, Qinggang Zhang, Xiao Huang, Keyu Duan, Qiaoyu Tan, and Zhimeng Jiang. 2023. Hierarchy-Aware Multi-Hop Question Answering over Knowledge Graphs. In Proc. of the ACM Web Conference 2023. 2519--2527.

Digital Library

[17]

Ethereum. 2013. Go Ethereum. https://github.com/ethereum/go-ethereum.

[18]

Shijie Geng, Zuohui Fu, Juntao Tan, Yingqiang Ge, Gerard De Melo, and Yongfeng Zhang. 2022. Path language modeling over knowledge graphsfor explainable recommendation. In Proc. of the ACM Web Conference 2022. 946--955.

Digital Library

[19]

Tao Guo, Song Guo, and JunxiaoWang. 2023. pFedPrompt: Learning Personalized Prompt for Vision-Language Models in Federated Learning. In Proc. of the ACM Web Conference 2023. 1364--1374.

Digital Library

[20]

Tao Guo, Song Guo, Junxiao Wang, Xueyang Tang, and Wenchao Xu. 2023. Promptfl: Let federated participants cooperatively learn prompts instead of models-federated learning in age of foundation model. IEEE Transactions on Mobile Computing (2023).

[21]

Yuke Hu, Wei Liang, Ruofan Wu, Kai Xiao, Weiqiang Wang, Xiaochen Li, Jinfei Liu, and Zhan Qin. 2023. Quantifying and Defending against Privacy Threats on Federated Knowledge Graph Embedding. In Proc. of the ACM Web Conference 2023. 2306--2317.

Digital Library

[22]

Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, and Ni Trieu. 2017. Practical multi-party private set intersection from symmetric-key techniques. In Proc. of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 1257--1272.

Digital Library

[23]

Ganlin Liu, Xiaowei Huang, and Xinping Yi. 2022. Adversarial Label Poisoning Attack on Graph Neural Networks via Label Propagation. In Proc. of the European Conference on Computer Vision. Springer, 227--243.

Digital Library

[24]

Lihui Liu, Yuzhong Chen, Mahashweta Das, Hao Yang, and Hanghang Tong. 2023. Knowledge Graph Question Answering with Ambiguous Query. In Proc. of the ACM Web Conference 2023. 2477--2486.

Digital Library

[25]

James MacQueen et al. 1967. Some methods for classification and analysis of multivariate observations. In Proc. of the fifth Berkeley symposium on mathematical statistics and probability.

[26]

Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Proc. of the Artificial intelligence and statistics. PMLR, 1273--1282.

[27]

Hamid Mozaffari, Virat Shejwalkar, and Amir Houmansadr. 2023. Every Vote Counts: Ranking-Based Training of Federated Learning to Resist Poisoning Attacks. In Proc. of the 32nd USENIX Security Symposium (USENIX Security 23).

[28]

Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, and Min Yang. 2022. Hidden trigger backdoor attack on {NLP} models via linguistic style manipulation. In Proc. of the 31st USENIX Security Symposium (USENIX Security 22). 3611--3628.

[29]

Hao Peng, Haoran Li, Yangqiu Song, Vincent Zheng, and Jianxin Li. 2021. Differentially private federated knowledge graphs embedding. In Proc. of the 30th ACM International Conference on Information & Knowledge Management. 1416--1425.

Digital Library

[30]

Benny Pinkas, Thomas Schneider, and Michael Zohner. 2014. Faster private set intersection based on {OT} extension. In Proc. of the 23rd USENIX Security Symposium (USENIX Security 14). 797--812.

[31]

Mayank Rathee, Conghao Shen, Sameer Wagh, and Raluca Ada Popa. 2023. Elsa: Secure aggregation for federated learning with malicious actors. In Proc. of the 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 1961--1979.

[32]

Amrita Roy Chowdhury, Chuan Guo, Somesh Jha, and Laurens van der Maaten. 2022. Eiffel: Ensuring integrity for federated learning. In Proc. of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 2535--2549.

[33]

Tara Safavi and Danai Koutra. 2020. CoDEx: A Comprehensive Knowledge Graph Completion Benchmark. In Proc. of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP).

[34]

Fabian M Suchanek, Gjergji Kasneci, and Gerhard Weikum. 2007. Yago: a core of semantic knowledge. In Proc. of the 16th international conference on World Wide Web. 697--706.

Digital Library

[35]

Zhiqing Sun, Zhi-Hong Deng, Jian-Yun Nie, and Jian Tang. 2018. RotatE: Knowledge Graph Embedding by Relational Rotation in Complex Space. In Proc. of the International Conference on Learning Representations.

[36]

Kristina Toutanova, Danqi Chen, Patrick Pantel, Hoifung Poon, Pallavi Choudhury, and Michael Gamon. 2015. Representing text for joint embedding of text and knowledge bases. In Proc. of the 2015 conference on empirical methods in natural language processing. 1499--1509.

[37]

Théo Trouillon, Johannes Welbl, Sebastian Riedel, Éric Gaussier, and Guillaume Bouchard. 2016. Complex embeddings for simple link prediction. In Proc. of the International conference on machine learning. PMLR, 2071--2080.

[38]

Aidmar Wainakh, Alejandro Sanchez Guinea, Tim Grube, and Max Mühlhäuser. 2020. Enhancing privacy via hierarchical federated learning. In Proc. of the 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 344--347.

[39]

Xiting Wang, Kunpeng Liu, Dongjie Wang, Le Wu, Yanjie Fu, and Xing Xie. 2022. Multi-level recommendation reasoning over knowledge graphs with reinforcement learning. In Proc. of the ACM Web Conference 2022. 2098--2108.

Digital Library

[40]

Zhen Wang, Jianwen Zhang, Jianlin Feng, and Zheng Chen. 2014. Knowledge graph embedding by translating on hyperplanes. In Proc. of the AAAI conference on artificial intelligence, Vol. 28.

[41]

Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, and Xiao Wang. 2021. Mystique: Efficient conversions for {Zero-Knowledge} proofs with applications to machine learning. In Proc. of the 30th USENIX Security Symposium (USENIX Security 21). 501--518.

[42]

Wikidata. 2023. Wikidata: a free and open knowledge base that can be read and edited by both humans and machines. Retrieved March 20, 2023 from https://www.wikidata.org/

[43]

Gavin Wood et al. 2014. Ethereum: A Secure Decentralised Generalised Transaction Ledger. Ethereum project yellow paper 151, 2014 (2014), 1--32.

[44]

Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica. 2018. {DIZK}: A distributed zero knowledge proof system. In Proc. of the 27th USENIX Security Symposium (USENIX Security 18). 675--692.

[45]

Wenhan Xiong, Thien Hoang, and William Yang Wang. 2017. DeepPath: A Reinforcement Learning Method for Knowledge Graph Reasoning. In Proc. of the 2017 Conference on Empirical Methods in Natural Language Processing. 564--573.

[46]

Bishan Yang, Scott Wen-tau Yih, Xiaodong He, Jianfeng Gao, and Li Deng. 2015. Embedding Entities and Relations for Learning and Inference in Knowledge Bases. In Proc. of the International Conference on Learning Representations (ICLR).

[47]

Wenkai Yang, Yankai Lin, Peng Li, Jie Zhou, and Xu Sun. 2021. Rethinking stealthiness of backdoor attack against nlp models. In Proc. of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers). 5543-- 5557.

[48]

Yuhao Yang, Chao Huang, Lianghao Xia, and Chenliang Li. 2022. Knowledge graph contrastive learning for recommendation. In Proc. of the 45th International ACM SIGIR Conference on Research and Development in Information Retrieval. 1434--1443.

Digital Library

[49]

Zhanpeng Yang, Yuanming Shi, Yong Zhou, Zixin Wang, and Kai Yang. 2022. Trustworthy federated learning via blockchain. IEEE Internet of Things Journal 10, 1 (2022), 92--109.

[50]

Xiaoyu You, Beina Sheng, Daizong Ding, Mi Zhang, Xudong Pan, Min Yang, and Fuli Feng. 2023. MaSS: Model-agnostic, Semantic and Stealthy Data Poisoning Attack on Knowledge Graph Embedding. In Proc. of the ACM Web Conference 2023. 2000--2010.

Digital Library

[51]

Fuzheng Zhang, Nicholas Jing Yuan, Defu Lian, Xing Xie, andWei-Ying Ma. 2016. Collaborative knowledge base embedding for recommender systems. In Proc. of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. 353--362.

Digital Library

[52]

Hengtong Zhang, Tianhang Zheng, Jing Gao, Chenglin Miao, Lu Su, Yaliang Li, and Kui Ren. 2019. Data poisoning attack against knowledge graph embedding. In Proc. of the 28th International Joint Conference on Artificial Intelligence. 4853--4859.

[53]

Kai Zhang, Yu Wang, Hongyi Wang, Lifu Huang, Carl Yang, and Lichao Sun. 2022. Efficient Federated Learning on Knowledge Graphs via Privacy-preserving Relation Embedding Aggregation. In Proc. of ACL 2022 Workshop on Federated Learning for Natural Language.

[54]

Shangfei Zheng, Weiqing Wang, Jianfeng Qu, Hongzhi Yin, Wei Chen, and Lei Zhao. 2023. Mmkgr: Multi-hop multi-modal knowledge graph reasoning. In Proc. of the 2023 IEEE 39th International Conference on Data Engineering (ICDE). IEEE, 96--109.

[55]

Xiangrong Zhu, Guangyao Li, and Wei Hu. 2023. Heterogeneous federated knowledge graph embedding learning and unlearning. In Proc. of the ACM Web Conference 2023. 2444--2454.

Digital Library

Cited By

Meng LLiang KYu HLiu YZhou SLiu MLiu X(2024)FedEAN: Entity-Aware Adversarial Negative Sampling for Federated Knowledge Graph ReasoningIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2024.346451636:12(8206-8219)Online publication date: Dec-2024
https://doi.org/10.1109/TKDE.2024.3464516

Index Terms

Poisoning Attack on Federated Knowledge Graph Embedding
1. Computing methodologies
  1. Artificial intelligence
    1. Knowledge representation and reasoning

Recommendations

Logits Poisoning Attack in Federated Distillation
Knowledge Science, Engineering and Management
Abstract
Federated Distillation (FD) is a novel and promising distributed machine learning paradigm, where knowledge distillation is leveraged to facilitate a more efficient and flexible cross-device knowledge transfer in federated learning. By optimizing ...
Two-phase Defense Against Poisoning Attacks on Federated Learning-based Intrusion Detection
Abstract
The Machine Learning-based Intrusion Detection System (ML-IDS) becomes more popular because it doesn't need to manually update the rules and can recognize variants better, However, due to the data privacy issue in ML-IDS, the Federated Learning-...
A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning
The prosperity of machine learning has been accompanied by increasing attacks on the training process. Among them, poisoning attacks have become an emerging threat during model training. Poisoning attacks have profound impacts on the target models, e.g., ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WWW '24: Proceedings of the ACM Web Conference 2024

May 2024

4826 pages

ISBN:9798400701719

DOI:10.1145/3589334

General Chairs:
Tat-Seng Chua
National University of Singapore
,
Chong-Wah Ngo
Singapore Management University
,
Proceedings Chair:
Roy Ka-Wei Lee
Singapore University of Technology and Design
,
Program Chairs:
Ravi Kumar
Google
,
Hady W. Lauw
Singapore Management University

Copyright © 2024 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 May 2024

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Artifacts Available / v1.1

Author Tags

Qualifiers

Research-article

Funding Sources

the National Natural Science Foundation of China
Hong Kong RGC Research Impact Fund
Shenzhen Science and Technology Innovation Commission
National Key Research and Development Program of China
General Research Fund
the Key-Area Research and Development Program of Guangdong Province

Conference

WWW '24

Sponsor:

SIGWEB

WWW '24: The ACM Web Conference 2024

May 13 - 17, 2024

Singapore, Singapore

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
799
Total Downloads

Downloads (Last 12 months)799
Downloads (Last 6 weeks)105

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Meng LLiang KYu HLiu YZhou SLiu MLiu X(2024)FedEAN: Entity-Aware Adversarial Negative Sampling for Federated Knowledge Graph ReasoningIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2024.346451636:12(8206-8219)Online publication date: Dec-2024
https://doi.org/10.1109/TKDE.2024.3464516

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten